Privacy Policy

Last Updated: November 7th, 2023

Ouster, Inc. and its affiliates (collectively, “Ouster”, “we”, “our”, “us”) are committed to protecting the privacy of visitors to its websites (our “Sites”) - including ouster.com and velodynelidar.com – and users of its hardware and software products and offerings (“Products” and collectively with the Sites, our “Services”).

We have established this Privacy Policy to set out the basis on which we will process any personal data we collect from you, or that you provide to us, in connection with your access and/or use of our Services. Please read this Privacy Policy carefully so that you understand your rights in relation to your personal data.

When you access our Services in any manner, you are consenting to and acknowledging that you accept the practices and policies outlined in this Privacy Policy. If you do not agree with this Privacy Policy in general or any part of it, please do not access our Services.

  1. WHO WE ARE

Ouster, Inc. is a corporation established in Delaware with a registered office at 350 Treat Avenue San Francisco, CA 94110 United States.

  1. DATA WE COLLECT AND HOW WE USE IT

Processing Activities Covered

This Privacy Policy applies to the processing of personal data collected by us when you:

Access and/or our Services that display or link to this Privacy Policy; Visit our branded social media pages; Visit our premises; Receive communications from us or otherwise communicate with us, including but not limited to emails, phone calls, texts or faxes; Use our Services where we act as a controller of your personal data; Register for, attend or take part in our events, webinars, programs, trainings, certifications or contests; Act as or work for a service provider or supplier to Ouster, to the extent Ouster acts as a controller with respect to your personal data; Are employed by a customer of our Services where your personal data has been shared with us in our capacity as a controller (for example, during the contracting process); and/or Participate in an Ouster community (e.g., open source development community).

We may also invite you to participate in a survey or take a questionnaire relating to some aspects of our business. If you choose to participate in an Ouster survey, any personal data you provide may be used in an aggregated and anonymised format for marketing or market research purposes.

When you access and/or use our Services, we automatically collect internet, electronic activity, and other data sent to us by your computer, mobile phone or other access device. This data includes your IP address, device information including, but not limited to, identifier, name, and type of operating system, mobile network information and standard web information, such as your browser type and the pages you access on our Services.

Data Collected by Ouster

The types of data we collect and maintain through the collection methods above include, without limitation:

Contact information, including such as your name, job title, company name, address, phone number, email address, username and password, other information you have voluntarily chosen to share; Username, photo, video or other biographical information, such as your occupation, location, social media profiles or usernames, company name, areas of expertise and interests; When you purchase the Services, financial and billing information, such as billing name and address, credit card number or bank account information; Information concerning how you heard about Ouster and your interest in the company; Correspondence you send to us, including questions, testimonials, comments, and suggestions; and Requests to receive or not to receive periodic updates from us.

Data from Third Parties

We also receive data about you from other third-party sources including, without limitation, suppliers, business partners, and authorized resellers of our Services. This data may include:

Data that is published by third parties and/or that third parties have collected from you when you contact them and/or visit or use their products or services; Data provided by another individual at your organization; and Platforms such as GitHub to manage code check-ins and pull requests.

How We Use Your Data

As it is in our legitimate interests to provide effective Services, we collect and use this data in order to: (i) administer and provide the Services and customer support per your request; (ii) improve the Services; (iii) personalise our Services to ensure content displayed through our Services is presented in the most effective manner for you and your device; (iv) monitor and analyse trends, usage and activity in connection with our Services; (v) administer our Services by conducting troubleshooting, warranty claims, data analysis, testing, research and statistical analysis; (vi) keep the Services safe and secure; (vii) enforce the Services’ terms and conditions; (viii) measure and understand the effectiveness of the content we serve to you and others; and (ix) communicate with you including contacting you by telephone or email.

If you have consented to marketing, we will also use your personal data to communicate with you about products, services, promotions, events and other news and data we think will be of interest to you. If we send you a marketing email, it will include instructions on how to opt-out of receiving these emails in the future.

Candidates

If you are applying to a job with Ouster, we will process the following additional data with your consent, in order to comply with the law and/or because it is necessary for us to determine whether to enter into an employment contract with you:

Personal data you provide to us. Your name; contact information; date of birth; work experience; educational qualifications; compensation; social security number and/or national ID number; ability to work in the country for which you are applying for employment; any additional information you upload as part of the application process (such as information from your CV). We use this information to evaluate your application and contact you. Sensitive information. Where permitted by law, you may have the option of providing certain sensitive personal data with your consent, such as race or ethnic origin. We use this information for the purposes of equal opportunities monitoring. Information from third parties. We may receive information from third parties in connection with your application such as referees, recruiters and organisations that provide background checks (for example, on your right to work, criminal reference checks, motor vehicle record background checks) to the extent permitted by applicable law. We use this information to evaluate your application.

  1. COOKIES

We use cookies to collect data about your browsing activities over time. They allow us to recognise and count the number of users and to see how users move around our Services when they are using it. This helps us to improve the way our Services work. For more information about cookies, please refer to the Cookies Policy made available on our Sites.

  1. how long do we store your personal data?

We may retain your personal data for a period of time consistent with the original purpose of collection or as long as required to fulfil our legal obligations. We determine the appropriate retention period for personal data on the basis of the amount, nature, and sensitivity of the personal data being processed, the potential risk of harm from unauthorized use or disclosure of the personal data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).

After expiry of the applicable retention periods, your personal data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.

For more information on data retention periods, please contact us at privacy@ouster.io.

  1. DATA SHARING

We do not use or share your personal data to others except as described in this Privacy Policy. We may share any of the categories of personal data identified above for business purposes as described in this section:

Service Providers. We may disclose your data to third party service providers for business purposes such as IT service providers such as cloud storage (to store your personal data and to provide disaster recovery services) and SaaS services. These service providers perform tasks on our behalf so we may need to share your personal data with them to the extent needed to provide our services. Affiliates. We may share any categories of personal data we collect within our corporate family. Event sponsors. If you attend an event or webinar organized by us, or download or access an asset on our Services, we may share your personal data with sponsors of the event. If required by applicable law, you may consent to such sharing via the registration form. In these circumstances, your data will be subject to the sponsors’ privacy statements. Business Partners. We may share your personal data with our business partners that offer supplementary services to those provided by Ouster or that resell the Services.

We will share your data with law enforcement agencies, public authorities or other organisations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:

comply with a legal obligation, process or request; enforce our terms and conditions and other agreements, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our customers, a third party or the public as required or permitted by law (exchanging data with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We may also disclose your data to third parties in our legitimate business interests if we either:

sell, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire or form a joint venture with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or sell or transfer any of our assets, in which case the data we hold about you may be sold as part of those assets and may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer.

Ouster does not sell your data to third parties. Ouster does permit third parties to collect the data described above for business purposes as described in this Privacy Policy.

  1. WHEN YOU SHARE YOUR INFORMATION

Our Services may include social media features for sharing purposes (e.g. sharing an embedded YouTube video on various social media sites). Where our Services let you share data with other people, you have control over how you share. We will not share your data or post to your social networks without your permission.

  1. LOCATION OF OPERATION; INTERNATIONAL TRANSFERS

The Services are offered and operated globally. Your personal data will be transferred to and stored at/processed in the United States, the European Union, and those other jurisdictions in which Ouster operates.

Therefore, your personal data may be processed outside your country or jurisdiction, including in places that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection. We ensure that the recipient of your personal data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission (Art. 46 GDPR) or other applicable regulators or legislators. Where required by applicable law, we will only share, transfer or store your Personal Data outside of your jurisdiction with your prior consent.

  1. CHILDREN

The Services are not intended for persons under 13 years of age, and we do not knowingly collect personal data from any person under 13 years of age. If you are a child under 13, please do not attempt to send any personal data about yourself to us. If you believe that your child under the age of 13 has submitted personal data to us in connection with our Services, please contact us at privacy@ouster.io so that we may take steps to delete such information as quickly as possible, as may be required under the Children’s Online Privacy Protection Act of 1998 and other relevant laws.

  1. ADDITIONAL POLICY INFORMATION

No Guarantee of Security in Transmission

Once we receive your personal data, we take appropriate technical and organisational measures to safeguard your personal data against loss, theft, unauthorised use, access or modification. However, although we use commercially reasonable efforts consistent with industry standards to keep your personal data secure, we cannot guarantee complete security of your personal data transmitted through our Services or over email. We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

Service Announcements

We may, from time to time, send you announcements (for example, security, privacy, or administrative-related communications). You may not opt-out of these service-related announcements, which are not promotional in nature.

Policy Updates

We make revisions or updates to this Privacy Policy from time to time. If we make such an update or revision, we will place a notice on our Sites. Please check our Services regularly for notices of changes to our Privacy Policy as any updates, once noticed and published, will still govern your use of our Services. If you use our Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

Further Information

If you have any questions or concerns or complaints regarding our Privacy Policy or our practices, please send us a detailed message to privacy@Ouster.io, and we will try to resolve your concerns as soon as possible.

Annex 1 – GDPR Privacy Notice

If you are located in the United Kingdom or the European Union, you may have additional rights under the Data Protection Act (“DPA”) or the EU General Data Protection Regulation (“GDPR”), respectively. This Annex serves as notice of your rights under the DPA and GDPR.

A) Lawful Basis for Processing

We process the personal data collected for the purposes described in the section entitled “Data We Collect and How We Use It” in our Privacy Policy. We rely upon the following lawful bases for processing of your personal data:

I) Legitimate Interest. We process your personal data in our legitimate interest (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data) such as for marketing purposes, to respond to your inquiries or provide technical and other support, or to otherwise inform you of our business operations, and to improve our products and services. We may also rely upon a legitimate interest where we are processing your personal data to comply with law or legal obligations or in connection with a merger or sale of the company.

II) Necessary to Perform Contract. We process your personal data as necessary to enter into and perform contracts, such as to sell and ship products to our customers and provider warranty and other services.

III) Consent. We may request your consent to process your personal data. Please note that if we rely upon consent, you may withdraw your consent at any time by emailing us at privacy@ouster.io, but such withdrawal will not affect the lawfulness of the processing prior to the withdrawal.

B) Data Subject Rights. Data subjects of the European Union and United Kingdom have the following rights:

I) Access, Correction and Erasure Requests. You have the right to: (a) contact us to confirm whether we are processing your personal data; (b) receive information on how your personal data is processed; (c) obtain a copy of your personal data; (d) request that we update or correct your personal data, and (e) request that we delete personal data in certain circumstances. II) Right to Object to Processing. You have the right to request that we cease processing of your personal data for marketing activities, including profiling for statistical purposes where such processing is based on our legitimate business interests, unless we are able to demonstrate a compelling legitimate basis for such processing or we need to process your personal data for the establishment, exercise, or defense of a legal claim III) Right to Restrict Processing. You have the right to request that we limit the processing of your personal data: (a) while we are evaluating or in the process of responding to a request by you to update or correct your personal data where such processing is unlawful and you do not want us to delete your personal data; (b) where we no longer require such data, but you want us to retain the data for the establishment, exercise, or defense of a legal claim; (c) where you have submitted an objection to processing based on our legitimate business interests, pending our response to such request. IIII) Data Portability Requests. You have the right to request that we provide you or a third party that you designate with certain of your personal data in a commonly used, machine readable format. Please note, however, that data portability rights apply only to personal data that we have obtained directly from you and only where our processing is based on consent or the performance of a contract.

To exercise any of these rights, please contact privacy@ouster.io.

C) Alleged Violations.

If you believe our processing of your personal data violates data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the United Kingdom or European Union member state of your habitual residence, your place of work, or the place of the alleged violation.

Annex 2 – California Privacy Notice

Under California Civil Code 1798.83, California residents who have provided personal data to Ouster may obtain information regarding Ouster’s disclosures, if any, of personal data to third parties for third-party direct marketing purposes. Requests must be submitted to the following email address: privacy@ouster.io. Within 30 days of receiving such a request, we will provide a California Privacy Disclosure, which will include a list of certain categories of personal data disclosed during the preceding calendar year to third parties for their direct marketing purposes, along with the names and addresses of the third parties. This request may be made no more than once per calendar year.